AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2025-11-16 · Documentation medium

File: cli/latest/reference/datazone/create-subscription-request.md

Summary

Added new parameters --asset-permissions and --asset-scopes with detailed permission structures, expanded subscribedPrincipals to include group/user types with IAM/SSO details, and updated CLI version reference

Security assessment

The changes add documentation for granular asset permissions (including S3 READ/WRITE controls) and expanded principal types with authentication details. While these are security-related features, there is no evidence of addressing a specific vulnerability. The changes improve access control documentation but don't reference any security incidents.

Diff

diff --git a/cli/latest/reference/datazone/create-subscription-request.md b/cli/latest/reference/datazone/create-subscription-request.md
index e66135e18..60d56ff1f 100644
--- a//cli/latest/reference/datazone/create-subscription-request.md
+++ b//cli/latest/reference/datazone/create-subscription-request.md
@@ -15 +15 @@
-  * [AWS CLI 2.31.35 Command Reference](../../index.html) »
+  * [AWS CLI 2.31.37 Command Reference](../../index.html) »
@@ -66,0 +67,2 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/datazo
+    [--asset-permissions <value>]
+    [--asset-scopes <value>]
@@ -96,0 +99,107 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/datazo
+`--asset-permissions` (list)
+
+> The asset permissions of the subscription request.
+> 
+> (structure)
+>
+>> The asset permissions.
+>> 
+>> assetId -> (string) [required]
+>>
+>>> The asset ID as part of the asset permissions.
+>>> 
+>>> Constraints:
+>>> 
+>>>   * pattern: `^[a-zA-Z0-9_-]{1,36}$`
+>>> 
+
+>> 
+>> permissions -> (tagged union structure) [required]
+>>
+>>> The details as part of the asset permissions.
+>>> 
+>>> ### Note
+>>> 
+>>> This is a Tagged Union structure. Only one of the following top level keys can be set: `s3`.
+>>> 
+>>> s3 -> (list)
+>>>
+>>>> The S3 details of the asset permissions.
+>>>> 
+>>>> (string)
+>>>>
+>>>>> Possible values:
+>>>>> 
+>>>>>   * `READ`
+>>>>>   * `WRITE`
+>>>>> 
+
+
+Shorthand Syntax:
+    
+    
+    assetId=string,permissions={s3=[string,string]} ...
+    
+
+JSON Syntax:
+    
+    
+    [
+      {
+        "assetId": "string",
+        "permissions": {
+          "s3": ["READ"|"WRITE", ...]
+        }
+      }
+      ...
+    ]
+    
+
+`--asset-scopes` (list)
+
+> The asset scopes of the subscription request.
+> 
+> (structure)
+>
+>> The accepted asset scope.
+>> 
+>> assetId -> (string) [required]
+>>
+>>> The asset ID of the accepted asset scope.
+>>> 
+>>> Constraints:
+>>> 
+>>>   * pattern: `^[a-zA-Z0-9_-]{1,36}$`
+>>> 
+
+>> 
+>> filterIds -> (list) [required]
+>>
+>>> The filter IDs of the accepted asset scope.
+>>> 
+>>> (string)
+>>>
+>>>> Constraints:
+>>>> 
+>>>>   * pattern: `^[a-zA-Z0-9_-]{1,36}$`
+>>>> 
+
+
+Shorthand Syntax:
+    
+    
+    assetId=string,filterIds=string,string ...
+    
+
+JSON Syntax:
+    
+    
+    [
+      {
+        "assetId": "string",
+        "filterIds": ["string", ...]
+      }
+      ...
+    ]
+    
+
@@ -256 +365,15 @@ JSON Syntax:
->> This is a Tagged Union structure. Only one of the following top level keys can be set: `project`.
+>> This is a Tagged Union structure. Only one of the following top level keys can be set: `group`, `project`, `user`.
+>> 
+>> group -> (structure)
+>>
+>>> The subscribed group.
+>>> 
+>>> identifier -> (string)
+>>>
+>>>> The ID of the subscribed group.
+>>>> 
+>>>> Constraints:
+>>>> 
+>>>>   * pattern: `^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$`
+>>>> 
+
@@ -270,0 +394,14 @@ JSON Syntax:
+>> 
+>> user -> (structure)
+>>
+>>> The subscribed user.
+>>> 
+>>> identifier -> (string)
+>>>
+>>>> The ID of the subscribed user.
+>>>> 
+>>>> Constraints:
+>>>> 
+>>>>   * pattern: `^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$`
+>>>> 
+
@@ -275 +412 @@ Shorthand Syntax:
-    project={identifier=string} ...
+    group={identifier=string},project={identifier=string},user={identifier=string} ...
@@ -282,0 +420,3 @@ JSON Syntax:
+        "group": {
+          "identifier": "string"
+        },
@@ -284,0 +425,3 @@ JSON Syntax:
+        },
+        "user": {
+          "identifier": "string"
@@ -660,0 +804,21 @@ subscribedListings -> (list)
+>>>> 
+>>>> permissions -> (tagged union structure)
+>>>>
+>>>>> The asset permissions.
+>>>>> 
+>>>>> ### Note
+>>>>> 
+>>>>> This is a Tagged Union structure. Only one of the following top level keys can be set: `s3`.
+>>>>> 
+>>>>> s3 -> (list)
+>>>>>
+>>>>>> The S3 details of the asset permissions.
+>>>>>> 
+>>>>>> (string)
+>>>>>>
+>>>>>>> Possible values:
+>>>>>>> 
+>>>>>>>   * `READ`
+>>>>>>>   * `WRITE`
+>>>>>>> 
+
@@ -798 +962,27 @@ subscribedPrincipals -> (list)
->> This is a Tagged Union structure. Only one of the following top level keys can be set: `project`.
+>> This is a Tagged Union structure. Only one of the following top level keys can be set: `group`, `project`, `user`.
+>> 
+>> group -> (structure)
+>>
+>>> The subscribed group.
+>>> 
+>>> id -> (string)
+>>>
+>>>> The ID of the subscribed group.
+>>>> 
+>>>> Constraints:
+>>>> 
+>>>>   * pattern: `^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$`
+>>>> 
+